FrozrLock
FrozrLock (also known as FileFrozr or AutoDecrypt) is ransomware that runs on Microsoft Windows. It was discovered by security researcher David Montenegro with help from Avast security researcher Jakub Kroustek. It is sold as Ransomware-as-a-Service on the Dark Web for only $220 and is advertised under the tagline "great security tool that encrypts most of your files in several minutes." It is aimed at English-speaking users.

Based on the details listed on the homepage, FrozrLock has the following features (not confirmed):
- Coded in C#
- Multi-threaded
- Supports .NET > 4.5
- Automatically deletes the loader after infecting the victim
- Does not alter file extensions
- Self-deletes after payment is received
- All ransomware builds are obfuscated on the RaaS server and offered for download to customers
- Tor-based control panel
- Customers get unlimited rebuilds
- Uses a unique key for each encrypted file
- Can use Twofish256, AES256, and RSA4096 encryption

Payload Transmission

FrozrLock is distributed in forums. It can also spread through email spam and malicious attachments, fraudulent downloads, exploits, web injects, fake updates, and repackaged or infected installers.

Infection

Wannabe crooks whose interest is piqued by this offering must register on the site to gain access to an account. Once they have created an account, they are granted access to the ransomware's web-based builder interface. To use the builder and produce a fully working ransomware, clients must buy a license, currently worth 0.14 Bitcoin (around $220). The homepage lists the FILE FROZR name, but once users register and buy a license, the dashboard displays the FrozrLock name instead. Below is an image of the FrozrLock customer dashboard where customers can monitor infections. The service also provides customers with a decrypter that they can deliver to paying victims. The decrypter has three operation modes: auto, manual, and an alternate manual mode.
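Because the feature list states that FrozrLock leaves file extensions unchanged and encrypts each file with its own key, encrypted files cannot be recognised by name alone. The following added example (not code from the original page or from the malware) shows a defender-side triage check: a file whose extension promises a known header that is missing, and whose contents are near-random by Shannon entropy, is flagged as likely encrypted. The magic-byte table and the sample files are constructed for illustration.

```python
import math
import os

# Magic-byte prefixes for a few common types (assumed, illustrative table).
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
    ".zip": b"PK\x03\x04",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the maximum and is typical of ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """True when the extension implies a header that is absent AND the
    content is near-random. Compressed formats (PNG, JPEG, ZIP) also have
    high entropy, so the header check keeps them from being flagged."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return False  # no header expectation for this extension
    return (not data.startswith(magic)) and shannon_entropy(data) >= threshold


def scan(files: dict) -> list:
    """Return the names of files that look encrypted, in sorted order."""
    return sorted(n for n, d in files.items() if looks_encrypted(n, d))


# Constructed samples: a genuine-looking PNG, a PNG-named file holding
# uniformly distributed bytes (stand-in for ciphertext), a renamed text
# file (wrong header but low entropy), and a type the table does not know.
SAMPLES = {
    "photo.png": MAGIC[".png"] + b"\x00" * 64,
    "report.png": bytes(range(256)) * 4,
    "notes.pdf": b"just some plain text, not a PDF\n" * 8,
    "todo.txt": bytes(range(256)),
}

if __name__ == "__main__":
    print(scan(SAMPLES))  # ['report.png']
```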
A typical ransom note shown by a FrozrLock ransomware variant says the following:

    Hello, stay calm because all your files can be decrypted again we just need your contribution and you can have access to all your files today. The process for you to have all your files that have been encrypted again is totally automatic and the payment of your contribution must be done in Bitcoins. If you do not know Bitcoin you just type in google how to buy Bitcoins in your country or visit the address http://localbitcoins.com and you can buy Bitcoins to be able to pay the contribution and have access to all your files again. The only way to get your files back is to pay our contribution in case you try to erase our systems with some antivirus or somehow your files will be lost forever and no one else will be able to decrypt since they are encrypted with a cryptography of 512 Bits and only our automatic system when detecting payment can decrypt your files. To get your files back you just need to get the value and payment address on this website http://iwantmyfiles.asia/payment.php?iD=*****
    Your ID: *****